Compact GUI for pass

New features in V1.2
-) Fixed progress bar if a password is in clipboard and another one is retrieved
-) Added option for “pass open --force”
-) Added some popups if errors occurs

I didn’t forgot about the search feature but I am still thinking where to put it in the GUI.

Until something is added you can already just click on the password list and type on the keyboard.
This search will only look from the beginning of the text and only in the open levels of the password store. Which means usually not in folders.

But I hope this tip helps a little bit?

1 Like

Just looked into the project again :slight_smile: and questions came up:

  • Could you enable ‘issues’ in your repo?
  • If my pass tomb is open already there seems to be no way to start pass-mgr-compact. I have to close it again and then pass-mgr-compact starts after opening it again.
  • If the former issue would be resolved, could pass-mgr-compact leave the pass tomb in the state it found it in when it quits?
    • When pass-mgr-compact started and pass tomb already had been unlocked: when quitting pass-mgr-compact will leave the tomb open.
    • pass-mgr-compact starts and has to open the pass tomb: when quitting it will close the pass tomb.
  • add X-Purism-FormFactor=Workstation;Mobile; to the .desktop file to have it shown in phosh menu as a mobile friendly application
  • You provide a debian package :slight_smile: - thankfully installed! Could you upload your ./debian/ directory so that the package can be build from the repository
    • and even better could there be an automatic build on gitlab (don’t know if it is possible without paying for gitlab or at all, but an alternative would be to clone the repo to Purism gitlab or to sourcehut)
  • If I try to start pass-mgr-compact via the app menu on my Librem5 nothing happens. Trying via cli gives me the sudo prompt, because sudo is needed to unlock the pass tomb.
    • There should be an error message instead of silently failing
    • Best would be to offer a way to sudo to open pass¹

I really like the idea of pass-mgr-compact to have an easy way to access my password store, when not near a keyboard. Thanks for starting and sharing it!

¹) Best would be to offer a way to sudo to open pass

tomb needs to call sudo or doas to get root access to be able to setup a loop device. There’s some discussion about putting the necessary commands into the sudo configuration. Another option would be to use sudo and set export SUDO_ASKPASS=/usr/bin/ssh-askpass for pass-mgr-compact.

There’s a commit to tomb taking in account the SUDO_ASKPASS environment when calling sudo commands.

I locally updated my tomb script to the master branch version, set export SUDO_ASKPASS=/usr/bin/ssh-askpass, started pass-mgr-compact and got a ssh-askpass window asking for my password.

Setting this up to run from the .desktop file (Exec=env SUDO_ASKPASS=/usr/bin/ssh-askpass /usr/bin/pass-mgr-compact) worked also, but I’ve been asked for my password for every sudo command tomb needed to run. Would be nice to find a secure way to avoid this.

New features in V1.3
-) Added handling if tomb is already open
-) Added ‘X-Purism-FormFactor=Workstation;Mobile;’ to show that pass-mgr-compact is mobile friendly

1 Like

Thx, for your feedback!

I integrated the handling of an open tomb.
If the tomb was open on start of pass-mgr-compact it asks at the end if it should close the tomb.
This way the user always has notice if the tomb stays open.

I also added the flag to highlight is as mobile friendly.
If you use a tomb and it is closed you will still have to manually open it or start it from a terminal.

What I left out is the SUDO_ASKPASS.
I could not find “/usr/bin/ssh-askpass” on my debian installation.
And probably the correct way would be to fix “tomb”.

I don’t have a “.debian” directory. I just use “dpkg-deb --build --root-owner-group pass-mgr-compact_1.3” to build a new version.
Do you have a description how to do this with a “.debian” directory?

1 Like

SUDO_ASKPASS seems to be the correct way (well, there’s still that issue that nobody wants to enter their password for each command tomb wants to sudo) and it is the solution shortly integrated into tomb:

I’d hope that you’d not need to change anything in pass-mgr-compact except maybe the .desktop file to include the setting of the environment variable SUDO_ASKPASS and the dependencies in the debian package to pull in one of

$ apt-cache search ssh-askpass
ksshaskpass - interactively prompt users for a passphrase for ssh-add
kwalletcli - command line interface to the KDE Wallet
lxqt-openssh-askpass - OpenSSH user/password GUI dialog for LXQt
lxqt-openssh-askpass-l10n - Language package for lxqt-openssh-askpass
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-add
ssh-askpass - under X, asks user for a passphrase for ssh-add
ssh-askpass-fullscreen - Under Gnome2, asks user for a passphrase for ssh-add

I’ll look into that when I find time and on the way I’ll probably be able to provide the ./debian directory.

Thanks a lot for integrating the other stuff so quickly! I need to update :slight_smile: .

What about opening the issues in gitlab to keep track of ideas and bugs and the decision made about how to handle them?

Thx, I now activated the issues. Hopefully correctly.
Please report back if its not working as expected. :slight_smile:

I will have a look into SUDO_ASKPASS and play around with it to see how it feels and later how to configure the dependencies correctly to have the correct ssh-askpass out of the pool for each user.
Even if its now integrated into tomb, Debian will not have it in the next months (as far as I understand the concept of Debian). The new Debian release is already in a freeze and the next stable release will take 2 years.
So it probably would make sense to have at least some workaround in pass-mgr-compact until that happens.

1 Like

copied the discussion about opening a pass tomb via gui to an issue here:

New features in V1.4
-) Added workaround for tomb which requires a sudo password (needs gnome-terminal)
-) Removed undocumented dependency from ‘which’